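<!doctype html>
<!--
  Stored XSS teaching page.

  The page is deliberately vulnerable: a message is saved to localStorage and
  later assigned to innerHTML, so anything stored there is parsed as HTML
  every time the page loads. That sink is kept unchanged on purpose. A second
  board renders the same stored value with textContent so the safe and unsafe
  treatments of the same input can be compared side by side.

  Fixes in this revision that do not touch the demonstrated bug: the document
  language matches the content (zh-CN), the input has a real <label> instead
  of a placeholder-only label, the page has a viewport meta and a single <h1>.
-->
<html lang="zh-CN">
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <title>存储型 XSS 演示</title>
</head>
<body>
  <h1>留言板（存储型 XSS 示例）</h1>

  <form id="form">
    <label for="msg">留言</label>
    <input id="msg" name="msg" placeholder="输入留言" autocomplete="off">
    <button type="submit">提交</button>
  </form>

  <!-- Vulnerable rendering: value parsed as HTML (innerHTML). -->
  <h2>易受攻击的渲染（innerHTML）</h2>
  <div id="board"></div>

  <!-- Safe rendering: same value inserted as text (textContent). -->
  <h2>安全的渲染（textContent）</h2>
  <div id="board-safe"></div>

  <script>
    const board = document.getElementById("board");          // vulnerable sink
    const safeBoard = document.getElementById("board-safe"); // safe counterpart
    const form = document.getElementById("form");
    const STORAGE_KEY = "msg"; // localStorage key; unchanged from the original demo

    /**
     * Render one message into both boards.
     *
     * The innerHTML assignment is the stored-XSS sink this page demonstrates:
     * untrusted text taken from localStorage is parsed as markup, so any
     * element/attribute it contains (including event-handler attributes) is
     * executed for whoever opens the page with that storage. The textContent
     * assignment shows the mitigation: the same string is inserted as text and
     * never interpreted as HTML. In real code use textContent (or a
     * sanitizer when markup is genuinely needed) and back it with a CSP.
     *
     * @param {string} msg the stored message, treated as untrusted
     */
    function render(msg) {
      // 🚨 Intentionally vulnerable: untrusted data parsed as HTML.
      board.innerHTML = msg;
      // Safe: identical value, inserted as plain text.
      safeBoard.textContent = msg;
    }

    // On load, show whatever message was stored by a previous visit.
    // This is what makes the bug "stored": the payload persists and fires on
    // every load, not only at the moment it was entered.
    render(localStorage.getItem(STORAGE_KEY) || "");

    // Save the submitted message and re-render both boards.
    form.addEventListener("submit", e => {
      e.preventDefault();
      const msg = document.getElementById("msg").value;
      localStorage.setItem(STORAGE_KEY, msg);
      render(msg);
    });

    // Test string used by the original demo; the vulnerable board executes
    // it, the safe board shows it verbatim:
    // <img src=x onerror="alert('Stored XSS!')">
  </script>
</body>
</html>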
